+/*
+ * Construct a packet with the specified contents and
+ * send it to the server.
+ */
+static void send_packet(int pkttype, ...)
+{
+ va_list args;
+ unsigned char *p, *argp, argchar;
+ unsigned long argint;
+ int pktlen, argtype, arglen;
+ Bignum bn;
+
+ pktlen = 0;
+ va_start(args, pkttype);
+ while ((argtype = va_arg(args, int)) != PKT_END) {
+ switch (argtype) {
+ case PKT_INT:
+ (void) va_arg(args, int);
+ pktlen += 4;
+ break;
+ case PKT_CHAR:
+ (void) va_arg(args, char);
+ pktlen++;
+ break;
+ case PKT_DATA:
+ (void) va_arg(args, unsigned char *);
+ arglen = va_arg(args, int);
+ pktlen += arglen;
+ break;
+ case PKT_STR:
+ argp = va_arg(args, unsigned char *);
+ arglen = strlen(argp);
+ pktlen += 4 + arglen;
+ break;
+ case PKT_BIGNUM:
+ bn = va_arg(args, Bignum);
+ pktlen += ssh1_bignum_length(bn);
+ break;
+ default:
+ assert(0);
+ }
+ }
+ va_end(args);
+
+ s_wrpkt_start(pkttype, pktlen);
+ p = pktout.body;
+
+ va_start(args, pkttype);
+ while ((argtype = va_arg(args, int)) != PKT_END) {
+ switch (argtype) {
+ case PKT_INT:
+ argint = va_arg(args, int);
+ PUT_32BIT(p, argint);
+ p += 4;
+ break;
+ case PKT_CHAR:
+ argchar = va_arg(args, unsigned char);
+ *p = argchar;
+ p++;
+ break;
+ case PKT_DATA:
+ argp = va_arg(args, unsigned char *);
+ arglen = va_arg(args, int);
+ memcpy(p, argp, arglen);
+ p += arglen;
+ break;
+ case PKT_STR:
+ argp = va_arg(args, unsigned char *);
+ arglen = strlen(argp);
+ PUT_32BIT(p, arglen);
+ memcpy(p + 4, argp, arglen);
+ p += 4 + arglen;
+ break;
+ case PKT_BIGNUM:
+ bn = va_arg(args, Bignum);
+ p += ssh1_write_bignum(p, bn);
+ break;
+ }
+ }
+ va_end(args);
+
+ s_wrpkt();
+}
+
+
+/*
+ * Connect to specified host and port.
+ * Returns an error message, or NULL on success.
+ * Also places the canonical host name into `realhost'.
+ */
+static char *connect_to_host(char *host, int port, char **realhost)
+{
+ SOCKADDR_IN addr;
+ struct hostent *h;
+ unsigned long a;
+#ifdef FWHACK
+ char *FWhost;
+ int FWport;
+#endif
+
+ savedhost = malloc(1+strlen(host));
+ if (!savedhost)
+ fatalbox("Out of memory");
+ strcpy(savedhost, host);
+
+ if (port < 0)
+ port = 22; /* default ssh port */
+ savedport = port;
+
+#ifdef FWHACK
+ FWhost = host;
+ FWport = port;
+ host = FWSTR;
+ port = 23;
+#endif
+
+ /*
+ * Try to find host.
+ */
+ if ( (a = inet_addr(host)) == (unsigned long) INADDR_NONE) {
+ if ( (h = gethostbyname(host)) == NULL)
+ switch (WSAGetLastError()) {
+ case WSAENETDOWN: return "Network is down";
+ case WSAHOST_NOT_FOUND: case WSANO_DATA:
+ return "Host does not exist";
+ case WSATRY_AGAIN: return "Host not found";
+ default: return "gethostbyname: unknown error";
+ }
+ memcpy (&a, h->h_addr, sizeof(a));
+ *realhost = h->h_name;
+ } else
+ *realhost = host;
+#ifdef FWHACK
+ *realhost = FWhost;
+#endif
+ a = ntohl(a);
+
+ /*
+ * Open socket.
+ */
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s == INVALID_SOCKET)
+ switch (WSAGetLastError()) {
+ case WSAENETDOWN: return "Network is down";
+ case WSAEAFNOSUPPORT: return "TCP/IP support not present";
+ default: return "socket(): unknown error";
+ }
+
+ /*
+ * Bind to local address.
+ */
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = htonl(INADDR_ANY);
+ addr.sin_port = htons(0);
+ if (bind (s, (struct sockaddr *)&addr, sizeof(addr)) == SOCKET_ERROR)
+ switch (WSAGetLastError()) {
+ case WSAENETDOWN: return "Network is down";
+ default: return "bind(): unknown error";
+ }
+
+ /*
+ * Connect to remote address.
+ */
+ addr.sin_addr.s_addr = htonl(a);
+ addr.sin_port = htons((short)port);
+ if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) == SOCKET_ERROR)
+ switch (WSAGetLastError()) {
+ case WSAENETDOWN: return "Network is down";
+ case WSAECONNREFUSED: return "Connection refused";
+ case WSAENETUNREACH: return "Network is unreachable";
+ case WSAEHOSTUNREACH: return "No route to host";
+ default: return "connect(): unknown error";
+ }
+
+#ifdef FWHACK
+ send(s, "connect ", 8, 0);
+ send(s, FWhost, strlen(FWhost), 0);
+ {
+ char buf[20];
+ sprintf(buf, " %d\n", FWport);
+ send (s, buf, strlen(buf), 0);
+ }
+#endif
+
+ return NULL;
+}
+
+static int ssh_versioncmp(char *a, char *b) {
+ char *ae, *be;
+ unsigned long av, bv;
+
+ av = strtoul(a, &ae, 10);
+ bv = strtoul(b, &be, 10);
+ if (av != bv) return (av < bv ? -1 : +1);
+ if (*ae == '.') ae++;
+ if (*be == '.') be++;
+ av = strtoul(ae, &ae, 10);
+ bv = strtoul(be, &be, 10);
+ if (av != bv) return (av < bv ? -1 : +1);
+ return 0;
+}
+
+
+/*
+ * Utility routine for putting an SSH-protocol `string' into a SHA
+ * state.
+ */
+#include <stdio.h>
+void sha_string(SHA_State *s, void *str, int len) {
+ unsigned char lenblk[4];
+ PUT_32BIT(lenblk, len);
+ SHA_Bytes(s, lenblk, 4);
+ SHA_Bytes(s, str, len);
+}
+
+/*
+ * SSH2 packet construction functions.
+ */
+void ssh2_pkt_adddata(void *data, int len) {
+ pktout.length += len;
+ if (pktout.maxlen < pktout.length) {
+ pktout.maxlen = pktout.length + 256;
+ pktout.data = (pktout.data == NULL ? malloc(pktout.maxlen+APIEXTRA) :
+ realloc(pktout.data, pktout.maxlen+APIEXTRA));
+ if (!pktout.data)
+ fatalbox("Out of memory");
+ }
+ memcpy(pktout.data+pktout.length-len, data, len);
+}
+void ssh2_pkt_addbyte(unsigned char byte) {
+ ssh2_pkt_adddata(&byte, 1);
+}
+void ssh2_pkt_init(int pkt_type) {
+ pktout.length = 5;
+ ssh2_pkt_addbyte((unsigned char)pkt_type);
+}
+void ssh2_pkt_addbool(unsigned char value) {
+ ssh2_pkt_adddata(&value, 1);
+}
+void ssh2_pkt_adduint32(unsigned long value) {
+ unsigned char x[4];
+ PUT_32BIT(x, value);
+ ssh2_pkt_adddata(x, 4);
+}
+void ssh2_pkt_addstring_start(void) {
+ ssh2_pkt_adduint32(0);
+ pktout.savedpos = pktout.length;
+}
+void ssh2_pkt_addstring_str(char *data) {
+ ssh2_pkt_adddata(data, strlen(data));
+ PUT_32BIT(pktout.data + pktout.savedpos - 4,
+ pktout.length - pktout.savedpos);
+}
+void ssh2_pkt_addstring_data(char *data, int len) {
+ ssh2_pkt_adddata(data, len);
+ PUT_32BIT(pktout.data + pktout.savedpos - 4,
+ pktout.length - pktout.savedpos);
+}
+void ssh2_pkt_addstring(char *data) {
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_str(data);
+}
+char *ssh2_mpint_fmt(Bignum b, int *len) {
+ unsigned char *p;
+ int i, n = b[0];
+ p = malloc(n * 2 + 1);
+ if (!p)
+ fatalbox("out of memory");
+ p[0] = 0;
+ for (i = 0; i < n; i++) {
+ p[i*2+1] = (b[n-i] >> 8) & 0xFF;
+ p[i*2+2] = (b[n-i] ) & 0xFF;
+ }
+ i = 0;
+ while (p[i] == 0 && (p[i+1] & 0x80) == 0)
+ i++;
+ memmove(p, p+i, n*2+1-i);
+ *len = n*2+1-i;
+ return p;
+}
+void ssh2_pkt_addmp(Bignum b) {
+ unsigned char *p;
+ int len;
+ p = ssh2_mpint_fmt(b, &len);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(p, len);
+ free(p);
+}
+void ssh2_pkt_send(void) {
+ int cipherblk, maclen, padding, i;
+ static unsigned long outgoing_sequence = 0;
+
+ /*
+ * Add padding. At least four bytes, and must also bring total
+ * length (minus MAC) up to a multiple of the block size.
+ */
+ cipherblk = cipher ? cipher->blksize : 8; /* block size */
+ cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
+ padding = 4;
+ padding += (cipherblk - (pktout.length + padding) % cipherblk) % cipherblk;
+ pktout.data[4] = padding;
+ for (i = 0; i < padding; i++)
+ pktout.data[pktout.length + i] = random_byte();
+ PUT_32BIT(pktout.data, pktout.length + padding - 4);
+ if (csmac)
+ csmac->generate(pktout.data, pktout.length + padding,
+ outgoing_sequence);
+ outgoing_sequence++; /* whether or not we MACed */
+
+#if 0
+ debug(("Sending packet len=%d\r\n", pktout.length+padding));
+ for (i = 0; i < pktout.length+padding; i++)
+ debug((" %02x", (unsigned char)pktout.data[i]));
+ debug(("\r\n"));
+#endif
+
+ if (cscipher)
+ cscipher->encrypt(pktout.data, pktout.length + padding);
+ maclen = csmac ? csmac->len : 0;
+
+ s_write(pktout.data, pktout.length + padding + maclen);
+}
+
+#if 0
+void bndebug(char *string, Bignum b) {
+ unsigned char *p;
+ int i, len;
+ p = ssh2_mpint_fmt(b, &len);
+ debug(("%s", string));
+ for (i = 0; i < len; i++)
+ debug((" %02x", p[i]));
+ debug(("\r\n"));
+ free(p);
+}
+#endif
+
+void sha_mpint(SHA_State *s, Bignum b) {
+ unsigned char *p;
+ int len;
+ p = ssh2_mpint_fmt(b, &len);
+ sha_string(s, p, len);
+ free(p);
+}
+
+/*
+ * SSH2 packet decode functions.
+ */
+unsigned long ssh2_pkt_getuint32(void) {
+ unsigned long value;
+ if (pktin.length - pktin.savedpos < 4)
+ return 0; /* arrgh, no way to decline (FIXME?) */
+ value = GET_32BIT(pktin.data+pktin.savedpos);
+ pktin.savedpos += 4;
+ return value;
+}
+void ssh2_pkt_getstring(char **p, int *length) {
+ *p = NULL;
+ if (pktin.length - pktin.savedpos < 4)
+ return;
+ *length = GET_32BIT(pktin.data+pktin.savedpos);
+ pktin.savedpos += 4;
+ if (pktin.length - pktin.savedpos < *length)
+ return;
+ *p = pktin.data+pktin.savedpos;
+ pktin.savedpos += *length;
+}
+Bignum ssh2_pkt_getmp(void) {
+ char *p;
+ int i, j, length;
+ Bignum b;
+
+ ssh2_pkt_getstring(&p, &length);
+ if (!p)
+ return NULL;
+ if (p[0] & 0x80) {
+ bombout(("internal error: Can't handle negative mpints"));
+ return NULL;
+ }
+ b = newbn((length+1)/2);
+ for (i = 0; i < length; i++) {
+ j = length - 1 - i;
+ if (j & 1)
+ b[j/2+1] |= ((unsigned char)p[i]) << 8;
+ else
+ b[j/2+1] |= ((unsigned char)p[i]);
+ }
+ return b;
+}
+